Privacy Notice

Sierra Oncology Privacy Notice

Last updated: 08 JAN 2019

In the regular course of business, Sierra Oncology, Inc., including its wholly owned Affiliates and successors (together referred to as “Sierra Oncology”, “we”, “our”, “us”) interacts and communicates directly with health care professionals, clinical trial participants, business partners, regulatory authorities, and others. Through these interactions and communications, Personal Information may be provided to Sierra Oncology and processed electronically and/or manually. Sierra Oncology respects individual privacy and values the confidence of such individuals. This Privacy Notice sets forth Sierra Oncology’s privacy principles with respect to Personal Information, including the privacy procedures and technical security measures Sierra Oncology follows in its normal course of business to keep Personal Information private and secure.

Sierra Oncology’s US parent entity, Sierra Oncology, Inc, participates in both the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Frameworks. Sierra Oncology, Inc. commits to comply with the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Principles (“Principles”) for all Personal Information received from the EU or Switzerland which was provided in reliance on Privacy Shield. For purposes of Privacy Shield compliance enforcement, Sierra Oncology, Inc is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).
For more information about the Privacy Shield generally and to view our certification online, please visit https://www.privacyshield.gov.

If there is any conflict between the terms of this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

What does Sierra Oncology do?

Sierra Oncology is a clinical stage drug development company advancing targeted therapeutics for the treatment of patients with unmet medical needs in hematology and oncology. We are oriented towards achieving the successful registration and commercialization of our product candidates. We have a highly experienced management team with a proven track record of success in drug development and we are advancing an emerging pipeline of targeted therapies in hematology and the DNA Damage Response (DDR) Network.

Scope

This Privacy Notice applies to Personal Information received by Sierra Oncology (including Personal Information received by third-party organizations or individuals acting as Service Providers of Sierra Oncology) from health care professionals, clinical trial participants, business partners, and other individuals, in any format, including electronic and paper, as part of Sierra Oncology’s business operations as well as from the Sierra Oncology website [ https://www.sierraoncology.com] (“Website” or “Site”). Types of third-party organizations include Sierra Oncology Affiliates and business partners, a current list of which is available upon request.

Definitions

For the purposes of this Privacy Notice, the following definitions shall apply:

  • “Affiliate” means any third party which is under common control with Sierra Oncology.
  • “Service Provider” means any consultants, contractors (including temporary employees), agents, and/or third-party vendors that process Personal Information on behalf of Sierra Oncology.
  • “Sierra Oncology Website(s)” means websites controlled by Sierra Oncology.
  • “Personal Information” means any information or set of information that relates to a data subject. Identification of an individual can be either direct or indirect and can be made by or on behalf of Sierra Oncology.
  • “Pseudonymization” means the processing of Personal Information in such a manner that such information can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Information is not attributed to a data subject.
  • “Principles” means the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Principles.
  • “Sensitive Personal Information (SPI)” means a Sierra Oncology-defined subset of Personal Information (similar to the EU-defined Special Categories of Personal Data, with additional attributes), SPI includes information revealing unique government identifiers, financial information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life or sexual orientation, or any criminal offenses (alleged or otherwise).

Notice

The collection, processing, storage, use, and disclosure of Personal Information in the business context is essential to the conduct of many of Sierra Oncology’s business functions. Sierra Oncology may collect, process, store, use, and disclose Personal Information from individuals directly and/or from third parties, subject to applicable law.

Legal basis for processing Personal Information

Sierra Oncology’s legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, Sierra Oncology will normally collect Personal Information from you only where you have given adequate authorization or consent. There are a number of instances where Sierra Oncology does not require your consent to engage in the processing or disclosure of Personal Information. Sierra Oncology may not solicit your consent for the processing or transfer of Personal Information for those purposes which have a statutory basis, such as:

  • The transfer or processing is necessary for the performance of a contract between you and Sierra Oncology (or one of its affiliates);
  • The transfer or processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defence of legal claims, or to protect your vital interests; or
  • The transfer or processing is required by applicable law.
  • The transfer or processing is necessary for the purposes of the legitimate interests pursued by Sierra Oncology or a third party (such as those listed in the “Purpose for Collection, Use and Disclosure of Personal Information” section below), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Purpose for collection, use and disclosure of Personal Information

Sierra Oncology collects, uses and discloses your Personal Information to operate its business, including for the following purposes:

  • Establishing and maintaining communications with you;
  • Where you have requested participation in a clinical trial with Sierra Oncology or one of Sierra Oncology’s partners;
  • Where you have requested a service from Sierra Oncology, assisting you in the completion of your application, the assessment of your eligibility for any such requested service, the processing and maintenance of the service, as well as any applicable renewal of such service;
  • Responding to your inquiries about applications, trials and other services;
  • Making proposals for future service needs;
  • Processing transactions through service providers;
  • Meeting legal, security, processing, and regulatory requirements;
  • Protecting against fraud, suspicious or other illegal activities; and compiling statistics for analysis of our sites and our business.
  • Sierra Oncology may consolidate or aggregate Personal Information in a non-identifiable form (de-identified/Pseudonymized data) to help Sierra Oncology improve product design and services, to enhance Sierra Oncology’s research activities, and to facilitate other business functions.

What data we collect

When interacting with Sierra Oncology, you may choose to provide us with information to help us serve your needs. The Personal Information that we collect will depend on how you choose to interact with Sierra Oncology.

Where you participate in Clinical Trials

If you participate in a clinical trial with Sierra Oncology, or one of our partners, we will collect Personal Information about you as is necessary to fulfil the purpose of the clinical trial. This can include SPI such as biological and medical information about you. However, Personal Information will be Pseudonymized, as appropriate and in accordance with our security requirements, to both protect your privacy as well as maintain the integrity of the clinical trial.

Where you request information about our services

If you request further information about our services, we may ask you to submit your contact details (such as your name, e-mail address, the name of your organization, and the country in which you are based) so we may send you the material you have requested, and to enable us to identify whether you have an existing relationship with Sierra Oncology.

Where you register with us and/or request services

If you request a service from us, we may ask you to submit your contact details (such as your name, e-mail address, country, telephone number) and the reason for your communication; as well as information about your position, organization, and such other information as is reasonably necessary so that we can provide you with the service. This information can include information you provide on applications or other forms, which may include your name, address, email address, and payment information.

When you use our Website

The Personal Information that we may collect about you broadly falls into the following categories:

Information that you provide voluntarily
Certain parts of our Website may ask you to provide Personal Information voluntarily: for example, we may ask you to provide your contact details in order to register an account with us, and/or to submit enquiries to us. The Personal Information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your Personal Information.

Information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered Personal Information under applicable data protection laws.

Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained in our Cookie Notice

Additional information

Individuals should not provide Sierra Oncology with any Personal Information that is not specifically requested. Where Sierra Oncology receives Personal Information from its Affiliates, or other entities, it will use or disclose such Personal Information in accordance with the above procedures.

Disclosure of information to others

We do not disclose any Personal Information about you to any third parties except as stated in this Privacy Notice or as notified to you, or as otherwise permitted by law, or authorized by you.

Generally
Third parties to whom we disclose information are required by law and contractual undertakings to keep your Personal Information confidential and secure; and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances, in compliance with all applicable legislation, which purposes are as follows:

As is necessary to fulfil a clinical trial to which you are a participant;

To provide the products and services you have requested from us;

To notify you, or allow our affiliated companies to notify you of certain products or services offered by our affiliated companies;

For legal, regulatory, and related purposes; and

To process transactions through data processing service providers.

If these third parties wish to use your Personal Information for any other purpose, they will have a legal obligation to notify you of this and, where required, to obtain your consent. Contact us at: DPO@sierraoncology.com for more information on these third parties.

Affiliate Sharing
In the normal course of performing services for our clients, Personal Information may be shared within Sierra Oncology and its Affiliates for research and statistical purposes, drug safety and efficacy purposes, system administration and crime prevention or detection, or any purpose otherwise identified in this Privacy Notice.

Service Providers
Because a number of the Service Providers we use in pursuance of the purposes mentioned above are located in countries other than your own, your Personal Information will be processed and stored inside the countries where our Service Providers are located. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request under local laws.

However, we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Privacy Notice.

Business Transactions
As we continue to develop our business, we might sell or buy assets. In such transactions, user information, including Personal Information, generally is one of the transferred business assets. In addition, if either Sierra Oncology itself or substantially all of Sierra Oncology assets were acquired, your Personal Information may be one of the transferred assets. Therefore, we may disclose and/or transfer your Personal Information to a third-party in these circumstances.

Other Legally Required Disclosures
Sierra Oncology reserves the right to disclose without your prior permission any Personal Information about you or your use of this Site if Sierra Oncology has a good faith belief that such action is necessary to: (a) protect and defend the rights, property or safety of Sierra Oncology, employees, other users of this Site, or the public; (b) enforce our agreements ; (c) as required by a legally valid request from a competent public authority including to meet national security or law enforcement requirements and/or to comply with a judicial proceeding, court order, or legal process; or (d) respond to claims that any content violates the rights of third parties. We may also disclose Personal Information as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.

Choice

Where Sierra Oncology relies on consent for the fair and lawful processing of Personal Information, the opportunity to consent will be provided prior to when the Personal Information in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney. Where Sierra Oncology relies on consent, you will be entitled to withdraw that consent at any time.

For SPI, Sierra Oncology will provide individuals the opportunity to affirmatively and explicitly authorize or consent to the collection, processing, transfer, or disclosure of their SPI to a non-Agent third party or the use of their SPI for a purpose other than the one for which the individual originally consented.

Sierra Oncology will not disclose your Personal Information to third parties except as otherwise stated in this Privacy Notice or otherwise notified to you.

International Transfers

Sierra Oncology maintains servers and other storage facilities in the United States and Canada. Sierra Oncology may transfer Personal Information outside of its country of origin for the purposes, and in the manner, set out above; including for processing and storage by Service Providers and Affiliates in connection with such purposes. In all situations, Sierra Oncology takes appropriate steps to ensure that your privacy is protected. Such steps include, but are not limited to: implementing privacy, security, and contractual controls, implementing the Privacy Shield’s onward transfer terms; as well as steps noted above, as required by applicable law. To the extent that any Personal Information is transferred out of an individual’s country, it is subject to the laws of the country in which it is stored, and may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country, consistent with the Principles. To the extent that any Personal Information from the European Economic Area (EEA) is transferred outside of the EEA, Sierra Oncology, Inc. has certified to the EU-US and Swiss-US Privacy Shield Framework, and complies with the Privacy Shield Principles for all Personal Information received from the EU or Switzerland which was provided in reliance on Privacy Shield.

Accountability for Onward Transfers

Sierra Oncology will obtain assurances from its Service Providers and Affiliates that they will safeguard Personal Information consistent with this Privacy Notice. An example of appropriate assurances that may be provided by Service Providers and Affiliates includes a contractual obligation that they provide at least the same level of protection as is required by the Privacy Shield Principles. Where Sierra Oncology has knowledge that a Service Provider or Affiliate is using or disclosing Personal Information in a manner contrary to this Privacy Notice, Sierra Oncology will take appropriate steps to prevent or stop the use or disclosure. If Sierra Oncology has received your personal information in the United States and subsequently transfers it to a third party acting as an agent, and such agent processes your personal information in a manner inconsistent with the Privacy Shield Principles, Sierra Oncology will remain responsible unless it can prove it is not responsible for the event giving rise to the damage.

Security

Sierra Oncology has implemented reasonable and appropriate physical, technical and managerial controls and safeguards to keep your Personal Information protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include but are not limited to: the encryption of communications, encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols.

Access to Personal Information is limited to a restricted number of Sierra Oncology employees whose duties reasonably require such information, Service Providers with whom Sierra Oncology contracts to carry out business activities for Sierra Oncology, and, with an individual’s consent, certain companies with which Sierra Oncology may conduct joint programs. Personal Information handled by Service Providers, or companies with which Sierra Oncology may conduct joint programs, is governed by this Privacy Notice and the Principles.

Data Retention and Purpose Limitation

Sierra Oncology will use Personal Information only in ways that are compatible with the purposes for which it was collected, or consented to by the individual. Sierra Oncology will have appropriate steps in place to ensure that Personal Information is relevant to its intended use, accurate, complete, and current. Sierra Oncology will only store Personal Information for as long as it is needed to fulfil the purposes for which it was collected, subject to applicable data retention periods imposed upon Sierra Oncology by applicable law. This may mean that your Personal Information is stored by Sierra Oncology for a number of years, depending on the purpose and need for that data to be processed. For more information about Sierra Oncology’s retention periods for Personal Information, please refer to the contact information section below.

Cookies and similar tracking technology used on our Website

Sierra Oncology uses cookies and similar tracking technology (collectively, “Cookies”). For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Notice

Your Rights

In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your Personal Information; (ii) obtain access to or a copy of your Personal Information; (iii) receive an electronic copy of Personal Information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) object to or restrict our uses of your Personal Information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Information; and (vi) request erasure of Personal Information held about you by Sierra Oncology, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us at: DPO@sierraoncology.com.

We will process such requests in accordance with applicable laws. To protect your privacy, Sierra Oncology will take steps to verify your identity before fulfilling your request.

Any requests to opt-out of future communications from Sierra Oncology, or to opt-out of a particular Sierra Oncology program should be directed to Sierra Oncology by e-mail at DPO@sierraoncology.com

If Sierra Oncology’s processing of your Personal Information is covered by EU law, you may lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Policy Toward Children using Sierra Oncology Websites

Sierra Oncology Websites are not directed to children under 16 (or other age as required by local laws) and we do not knowingly collect Personal Information from children. If Sierra Oncology learns that Personal Information of a child has been collected steps will be taken to delete such information from Sierra Oncology files as soon as possible.

Recourse, Enforcement and Liability

Individual Complaint
Individuals may contact Sierra Oncology regarding any question or complaint regarding the collection, processing, and/or transfer of their Personal Information by emailing DPO@sierraoncology.com. Sierra Oncology will promptly investigate and respond to complaints without delay and within the time limits prescribed by applicable laws. Sierra Oncology will attempt to resolve complaints, disputes and requests to revoke consent regarding collection, processing, transfer, and disclosure of Personal Information in accordance the principles contained in with this Privacy Notice, and applicable law and the Principles.

Sierra Oncology will conduct periodic compliance audits of its relevant privacy practices to verify adherence to this Privacy Notice.

Independent Recourse Mechanism

If you have an unresolved Privacy Shield complaint that Sierra Oncology has not addressed satisfactorily, Sierra Oncology commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, as applicable, and comply with the advice given by them in respect of the complaint.

Binding Arbitration

In the event that you cannot fully resolve your Privacy Shield complaint through the above mechanisms, it is possible that you may use binding arbitration as a final resort.
For more information on how to invoke arbitration under the Privacy Shield Framework, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Contact Information

Any questions or concerns regarding handling of Personal Information by Sierra Oncology, or related to revocation of consent to collect, process, transfer, or disclose or your Personal Information should be directed by email to DPO@sierraoncology.com.

Alternatively, letters may be sent to the following address:

Sierra Oncology, Inc.

ATTN: Data Privacy Office

46701 Commerce Center Drive, Plymouth, MI 48170

For the processing of Personal Information relating to the European Economic Area, Sierra Oncology has assigned a Data Protection Officer responsible for overseeing our compliance with EU data protection law, who you may contact at DPO@sierraoncology.com in case of any questions or concerns regarding the processing of your Personal Information.

All communications to Sierra Oncology should include the individual’s name and contact information (such as e-mail address, phone number, or mailing address), and a detailed explanation of the request. E-mail requests to delete, amend, or correct Personal Information should include “Deletion Request” or “Amendment/Correction Request,” as applicable, in the subject line of the e-mail. Sierra Oncology will endeavour to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable law.

Changes To Sierra Oncology Privacy Notices

Sierra Oncology reserves the right to amend this Privacy Notice from time to time to reflect technological advancements, legal and regulatory changes, and Sierra Oncology’s business practices, subject to applicable laws. If Sierra Oncology changes its privacy practices, an updated version of this Privacy Notice will reflect those changes. Sierra Oncology will provide notice of such changes by updating the effective date listed on this Privacy Notice.

When Sierra Oncology updates its Privacy Notice, Sierra Oncology will take appropriate measures to inform you, consistent with the significance of the changes made. Sierra Oncology will obtain your authorization or consent to any material Privacy Notice changes where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.